‘Big Red Flag’: Automakers’ Trade Secrets Exposed in Data Leak

Automakers like Tesla, Toyota and Volkswagen go to great lengths to keep their technical information confidential. Details about assembly line machinery and proprietary robotics are among the industry’s most closely guarded trade secrets.

But this month, a security researcher came across tens of thousands of sensitive corporate documents — including many from nearly all of the largest auto manufacturers — on the open internet, unprotected. The trove included material from more than 100 companies that had interacted with a small Canadian company, Level One Robotics and Controls.

Among the documents were detailed blueprints and factory schematics; client materials such as contracts, invoices and work plans; and even dozens of nondisclosure agreements describing the sensitivity of the exposed information.

“That was a big red flag,” said Chris Vickery, the researcher who found the data. “If you see NDAs, you know right away that you’ve found something that’s not supposed to be publicly available.”

It was unclear whether anyone else had seen or downloaded the unguarded data, which included some personal information, such as scanned driver’s licenses and passports, on Level One employees but otherwise appeared to be confined to corporate secrets. Mr. Vickery alerted the company last week, and the exposed information was taken offline within a day.

But the inadvertent exposure of customers’ data illustrates a problem confounding businesses: Some of their biggest security risks come from their suppliers and contractors.